/* BEGIN_HEADER */ #include #include "psa/crypto.h" #if(UINT32_MAX > SIZE_MAX) #define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) ( ( x ) <= SIZE_MAX ) #else #define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) 1 #endif /** Test if a buffer is not all-bits zero. * * \param buffer Pointer to the beginning of the buffer. * \param size Size of the buffer in bytes. * * \return 0 if the buffer is all-bits-zero. * \return A nonzero value otherwise. */ int mem_is_nonzero( void *buffer, size_t size ) { size_t i; for( i = 0; i < size; i++ ) { if( ( (unsigned char *) buffer )[i] != 0 ) return( i + 1 ); } return( 0 ); } /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_PSA_CRYPTO_C * END_DEPENDENCIES */ /* BEGIN_CASE */ void init_deinit( ) { psa_status_t status; int i; for( i = 0; i <= 1; i++ ) { status = psa_crypto_init( ); TEST_ASSERT( status == PSA_SUCCESS ); status = psa_crypto_init( ); TEST_ASSERT( status == PSA_SUCCESS ); mbedtls_psa_crypto_free( ); } } /* END_CASE */ /* BEGIN_CASE */ void import( data_t *data, int type, int expected_status ) { int slot = 1; psa_status_t status; TEST_ASSERT( data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); status = psa_import_key( slot, type, data->x, data->len ); TEST_ASSERT( status == (psa_status_t) expected_status ); if( status == PSA_SUCCESS ) TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS ); exit: mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void import_export( data_t *data, int type_arg, int alg_arg, int usage_arg, int expected_bits, int export_size_delta, int expected_export_status, int canonical_input ) { int slot = 1; int slot2 = slot + 1; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_status_t status; unsigned char *exported = NULL; unsigned char *reexported = NULL; size_t export_size; size_t exported_length; size_t reexported_length; psa_key_type_t got_type; size_t got_bits; psa_key_policy_t policy; TEST_ASSERT( data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) ); export_size = (ssize_t) data->len + export_size_delta; exported = mbedtls_calloc( 1, export_size ); TEST_ASSERT( exported != NULL ); if( ! canonical_input ) { reexported = mbedtls_calloc( 1, export_size ); TEST_ASSERT( reexported != NULL ); } TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, usage_arg, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); /* Import the key */ TEST_ASSERT( psa_import_key( slot, type, data->x, data->len ) == PSA_SUCCESS ); /* Test the key information */ TEST_ASSERT( psa_get_key_information( slot, &got_type, &got_bits ) == PSA_SUCCESS ); TEST_ASSERT( got_type == type ); TEST_ASSERT( got_bits == (size_t) expected_bits ); /* Export the key */ status = psa_export_key( slot, exported, export_size, &exported_length ); TEST_ASSERT( status == (psa_status_t) expected_export_status ); TEST_ASSERT( ! mem_is_nonzero( exported + exported_length, export_size - exported_length ) ); if( status != PSA_SUCCESS ) { TEST_ASSERT( exported_length == 0 ); goto destroy; } if( canonical_input ) { TEST_ASSERT( exported_length == data->len ); TEST_ASSERT( memcmp( exported, data->x, data->len ) == 0 ); } else { TEST_ASSERT( psa_set_key_policy( slot2, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot2, type, exported, export_size ) == PSA_SUCCESS ); TEST_ASSERT( psa_export_key( slot2, reexported, export_size, &reexported_length ) == PSA_SUCCESS ); TEST_ASSERT( reexported_length == exported_length ); TEST_ASSERT( memcmp( reexported, exported, exported_length ) == 0 ); } destroy: /* Destroy the key */ TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS ); TEST_ASSERT( psa_get_key_information( slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT ); exit: mbedtls_free( exported ); mbedtls_free( reexported ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void import_export_public_key( data_t *data, int type_arg, int alg_arg, int expected_bits, int public_key_expected_length, int expected_export_status ) { int slot = 1; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_status_t status; unsigned char *exported = NULL; size_t export_size; size_t exported_length; psa_key_type_t got_type; size_t got_bits; psa_key_policy_t policy; TEST_ASSERT( data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) ); export_size = (ssize_t) data->len; exported = mbedtls_calloc( 1, export_size ); TEST_ASSERT( exported != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); /* Import the key */ TEST_ASSERT( psa_import_key( slot, type, data->x, data->len ) == PSA_SUCCESS ); /* Test the key information */ TEST_ASSERT( psa_get_key_information( slot, &got_type, &got_bits ) == PSA_SUCCESS ); TEST_ASSERT( got_type == type ); TEST_ASSERT( got_bits == (size_t) expected_bits ); /* Export the key */ status = psa_export_public_key( slot, exported, export_size, &exported_length ); TEST_ASSERT( status == (psa_status_t) expected_export_status ); if( status != PSA_SUCCESS ) goto destroy; TEST_ASSERT( exported_length == (size_t) public_key_expected_length ); destroy: /* Destroy the key */ TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS ); TEST_ASSERT( psa_get_key_information( slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT ); exit: mbedtls_free( exported ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void key_policy( int usage_arg, int alg_arg ) { int key_slot = 1; psa_algorithm_t alg = alg_arg; psa_key_usage_t usage = usage_arg; psa_key_type_t key_type = PSA_KEY_TYPE_AES; unsigned char key[32] = {0}; psa_key_policy_t policy_set; psa_key_policy_t policy_get; memset( key, 0x2a, sizeof( key ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy_set ); psa_key_policy_init( &policy_get ); psa_key_policy_set_usage( &policy_set, usage, alg ); TEST_ASSERT( psa_key_policy_get_usage( &policy_set ) == usage ); TEST_ASSERT( psa_key_policy_get_algorithm( &policy_set ) == alg ); TEST_ASSERT( psa_set_key_policy( key_slot, &policy_set ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( key_slot, key_type, key, sizeof( key ) ) == PSA_SUCCESS ); TEST_ASSERT( psa_get_key_policy( key_slot, &policy_get ) == PSA_SUCCESS ); TEST_ASSERT( policy_get.usage == policy_set.usage ); TEST_ASSERT( policy_get.alg == policy_set.alg ); exit: psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void key_policy_fail( int usage_arg, int alg_arg, int expected_status, data_t *keypair ) { int key_slot = 1; psa_algorithm_t alg = alg_arg; psa_key_usage_t usage = usage_arg; size_t signature_length = 0; psa_key_policy_t policy; int actual_status = PSA_SUCCESS; TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, usage, alg ); TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS ); if( usage & PSA_KEY_USAGE_EXPORT ) { TEST_ASSERT( keypair != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( keypair->len ) ); TEST_ASSERT( psa_import_key( key_slot, PSA_KEY_TYPE_RSA_KEYPAIR, keypair->x, keypair->len ) == PSA_SUCCESS ); actual_status = psa_asymmetric_sign( key_slot, alg, NULL, 0, NULL, 0, NULL, 0, &signature_length ); } if( usage & PSA_KEY_USAGE_SIGN ) { TEST_ASSERT( keypair != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( keypair->len ) ); TEST_ASSERT( psa_import_key( key_slot, PSA_KEY_TYPE_RSA_KEYPAIR, keypair->x, keypair->len ) == PSA_SUCCESS ); actual_status = psa_export_key( key_slot, NULL, 0, NULL ); } TEST_ASSERT( actual_status == expected_status ); exit: psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void key_lifetime( int lifetime_arg ) { int key_slot = 1; psa_key_type_t key_type = PSA_ALG_CBC_BASE; unsigned char key[32] = {0}; psa_key_lifetime_t lifetime_set = lifetime_arg; psa_key_lifetime_t lifetime_get; memset( key, 0x2a, sizeof( key ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_set_key_lifetime( key_slot, lifetime_set ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( key_slot, key_type, key, sizeof( key ) ) == PSA_SUCCESS ); TEST_ASSERT( psa_get_key_lifetime( key_slot, &lifetime_get ) == PSA_SUCCESS ); TEST_ASSERT( lifetime_get == lifetime_set ); exit: psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void key_lifetime_set_fail( int key_slot_arg, int lifetime_arg, int expected_status_arg ) { psa_key_slot_t key_slot = key_slot_arg; psa_key_lifetime_t lifetime_set = lifetime_arg; psa_status_t actual_status; psa_status_t expected_status = expected_status_arg; TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); actual_status = psa_set_key_lifetime( key_slot, lifetime_set ); if( actual_status == PSA_SUCCESS ) actual_status = psa_set_key_lifetime( key_slot, lifetime_set ); TEST_ASSERT( expected_status == actual_status ); exit: psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void hash_finish( int alg_arg, data_t *input, data_t *expected_hash ) { psa_algorithm_t alg = alg_arg; unsigned char actual_hash[PSA_HASH_MAX_SIZE]; size_t actual_hash_length; psa_hash_operation_t operation; TEST_ASSERT( input != NULL ); TEST_ASSERT( expected_hash != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_hash->len ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_hash_start( &operation, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_hash_update( &operation, input->x, input->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_hash_finish( &operation, actual_hash, sizeof( actual_hash ), &actual_hash_length ) == PSA_SUCCESS ); TEST_ASSERT( actual_hash_length == expected_hash->len ); TEST_ASSERT( memcmp( expected_hash->x, actual_hash, expected_hash->len ) == 0 ); exit: mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void hash_verify( int alg_arg, data_t *input, data_t *expected_hash ) { psa_algorithm_t alg = alg_arg; psa_hash_operation_t operation; TEST_ASSERT( input != NULL ); TEST_ASSERT( expected_hash != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_hash->len ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_hash_start( &operation, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_hash_update( &operation, input->x, input->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_hash_verify( &operation, expected_hash->x, expected_hash->len ) == PSA_SUCCESS ); exit: mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void mac_verify( int key_type_arg, data_t *key, int alg_arg, data_t *input, data_t *expected_mac ) { int key_slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation; psa_key_policy_t policy; TEST_ASSERT( key != NULL ); TEST_ASSERT( input != NULL ); TEST_ASSERT( expected_mac != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_mac->len ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg ); TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, key->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_mac_start( &operation, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS ); TEST_ASSERT( psa_mac_update( &operation, input->x, input->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_mac_verify( &operation, expected_mac->x, expected_mac->len ) == PSA_SUCCESS ); exit: psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, data_t *key, data_t *input, data_t *expected_output, int expected_status ) { int key_slot = 1; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; size_t total_output_length = 0; psa_cipher_operation_t operation; TEST_ASSERT( key != NULL ); TEST_ASSERT( input != NULL ); TEST_ASSERT( expected_output != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); memset( iv, 0x2a, sizeof( iv ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, key->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_setup( &operation, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, sizeof( iv ) ) == PSA_SUCCESS ); output_buffer_size = input->len + operation.block_size; output = mbedtls_calloc( 1, output_buffer_size ); TEST_ASSERT( output != NULL ); TEST_ASSERT( psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, &function_output_length ) == PSA_SUCCESS ); total_output_length += function_output_length; status = psa_cipher_finish( &operation, output + function_output_length, output_buffer_size, &function_output_length ); total_output_length += function_output_length; TEST_ASSERT( status == (psa_status_t) expected_status ); if( expected_status == PSA_SUCCESS ) { TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS ); TEST_ASSERT( total_output_length == expected_output->len ); TEST_ASSERT( memcmp( expected_output->x, output, expected_output->len ) == 0 ); } exit: mbedtls_free( output ); psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, data_t *key, data_t *input, int first_part_size, data_t *expected_output ) { int key_slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; size_t total_output_length = 0; psa_cipher_operation_t operation; TEST_ASSERT( key != NULL ); TEST_ASSERT( input != NULL ); TEST_ASSERT( expected_output != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); memset( iv, 0x2a, sizeof( iv ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, key->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_setup( &operation, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, sizeof( iv ) ) == PSA_SUCCESS ); output_buffer_size = input->len + operation.block_size; output = mbedtls_calloc( 1, output_buffer_size ); TEST_ASSERT( output != NULL ); TEST_ASSERT( (unsigned int) first_part_size < input->len ); TEST_ASSERT( psa_cipher_update( &operation, input->x, first_part_size, output, output_buffer_size, &function_output_length ) == PSA_SUCCESS ); total_output_length += function_output_length; TEST_ASSERT( psa_cipher_update( &operation, input->x + first_part_size, input->len - first_part_size, output, output_buffer_size, &function_output_length ) == PSA_SUCCESS ); total_output_length += function_output_length; TEST_ASSERT( psa_cipher_finish( &operation, output + function_output_length, output_buffer_size, &function_output_length ) == PSA_SUCCESS ); total_output_length += function_output_length; TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS ); TEST_ASSERT( total_output_length == expected_output->len ); TEST_ASSERT( memcmp( expected_output->x, output, expected_output->len ) == 0 ); exit: mbedtls_free( output ); psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, data_t *key, data_t *input, int first_part_size, data_t *expected_output ) { int key_slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; size_t total_output_length = 0; psa_cipher_operation_t operation; TEST_ASSERT( key != NULL ); TEST_ASSERT( input != NULL ); TEST_ASSERT( expected_output != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); memset( iv, 0x2a, sizeof( iv ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, key->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_decrypt_setup( &operation, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, sizeof( iv ) ) == PSA_SUCCESS ); output_buffer_size = input->len + operation.block_size; output = mbedtls_calloc( 1, output_buffer_size ); TEST_ASSERT( output != NULL ); TEST_ASSERT( (unsigned int) first_part_size < input->len ); TEST_ASSERT( psa_cipher_update( &operation, input->x, first_part_size, output, output_buffer_size, &function_output_length ) == PSA_SUCCESS ); total_output_length += function_output_length; TEST_ASSERT( psa_cipher_update( &operation, input->x + first_part_size, input->len - first_part_size, output, output_buffer_size, &function_output_length ) == PSA_SUCCESS ); total_output_length += function_output_length; TEST_ASSERT( psa_cipher_finish( &operation, output + function_output_length, output_buffer_size, &function_output_length ) == PSA_SUCCESS ); total_output_length += function_output_length; TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS ); TEST_ASSERT( total_output_length == expected_output->len ); TEST_ASSERT( memcmp( expected_output->x, output, expected_output->len ) == 0 ); exit: mbedtls_free( output ); psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_decrypt( int alg_arg, int key_type_arg, data_t *key, data_t *input, data_t *expected_output, int expected_status ) { int key_slot = 1; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; size_t total_output_length = 0; psa_cipher_operation_t operation; TEST_ASSERT( key != NULL ); TEST_ASSERT( input != NULL ); TEST_ASSERT( expected_output != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); memset( iv, 0x2a, sizeof( iv ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, key->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_decrypt_setup( &operation, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, sizeof( iv ) ) == PSA_SUCCESS ); output_buffer_size = input->len + operation.block_size; output = mbedtls_calloc( 1, output_buffer_size ); TEST_ASSERT( output != NULL ); TEST_ASSERT( psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, &function_output_length ) == PSA_SUCCESS ); total_output_length += function_output_length; status = psa_cipher_finish( &operation, output + function_output_length, output_buffer_size, &function_output_length ); total_output_length += function_output_length; TEST_ASSERT( status == (psa_status_t) expected_status ); if( expected_status == PSA_SUCCESS ) { TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS ); TEST_ASSERT( total_output_length == expected_output->len ); TEST_ASSERT( memcmp( expected_output->x, output, expected_output->len ) == 0 ); } exit: mbedtls_free( output ); psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_verify_output( int alg_arg, int key_type_arg, data_t *key, data_t *input ) { int key_slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; size_t iv_size = 16; size_t iv_length = 0; unsigned char *output1 = NULL; size_t output1_size = 0; size_t output1_length = 0; unsigned char *output2 = NULL; size_t output2_size = 0; size_t output2_length = 0; size_t function_output_length = 0; psa_cipher_operation_t operation1; psa_cipher_operation_t operation2; TEST_ASSERT( key != NULL ); TEST_ASSERT( input != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, key->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_setup( &operation1, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_decrypt_setup( &operation2, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_generate_iv( &operation1, iv, iv_size, &iv_length ) == PSA_SUCCESS ); output1_size = input->len + operation1.block_size; output1 = mbedtls_calloc( 1, output1_size ); TEST_ASSERT( output1 != NULL ); TEST_ASSERT( psa_cipher_update( &operation1, input->x, input->len, output1, output1_size, &output1_length ) == PSA_SUCCESS ); TEST_ASSERT( psa_cipher_finish( &operation1, output1 + output1_length, output1_size, &function_output_length ) == PSA_SUCCESS ); output1_length += function_output_length; TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS ); output2_size = output1_length; output2 = mbedtls_calloc( 1, output2_size ); TEST_ASSERT( output2 != NULL ); TEST_ASSERT( psa_encrypt_set_iv( &operation2, iv, iv_length ) == PSA_SUCCESS ); TEST_ASSERT( psa_cipher_update( &operation2, output1, output1_length, output2, output2_size, &output2_length ) == PSA_SUCCESS ); function_output_length = 0; TEST_ASSERT( psa_cipher_finish( &operation2, output2 + output2_length, output2_size, &function_output_length ) == PSA_SUCCESS ); output2_length += function_output_length; TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS ); TEST_ASSERT( input->len == output2_length ); TEST_ASSERT( memcmp( input->x, output2, input->len ) == 0 ); exit: mbedtls_free( output1 ); mbedtls_free( output2 ); psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_verify_output_multipart( int alg_arg, int key_type_arg, data_t *key, data_t *input, int first_part_size ) { int key_slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; size_t iv_size = 16; size_t iv_length = 0; unsigned char *output1 = NULL; size_t output1_buffer_size = 0; size_t output1_length = 0; unsigned char *output2 = NULL; size_t output2_buffer_size = 0; size_t output2_length = 0; size_t function_output_length; psa_cipher_operation_t operation1; psa_cipher_operation_t operation2; TEST_ASSERT( key != NULL ); TEST_ASSERT( input != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, key->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_setup( &operation1, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_decrypt_setup( &operation2, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_generate_iv( &operation1, iv, iv_size, &iv_length ) == PSA_SUCCESS ); output1_buffer_size = input->len + operation1.block_size; output1 = mbedtls_calloc( 1, output1_buffer_size ); TEST_ASSERT( output1 != NULL ); TEST_ASSERT( (unsigned int) first_part_size < input->len ); TEST_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size, output1, output1_buffer_size, &function_output_length ) == PSA_SUCCESS ); output1_length += function_output_length; TEST_ASSERT( psa_cipher_update( &operation1, input->x + first_part_size, input->len - first_part_size, output1, output1_buffer_size, &function_output_length ) == PSA_SUCCESS ); output1_length += function_output_length; TEST_ASSERT( psa_cipher_finish( &operation1, output1 + output1_length, output1_buffer_size - output1_length, &function_output_length ) == PSA_SUCCESS ); output1_length += function_output_length; TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS ); output2_buffer_size = output1_length; output2 = mbedtls_calloc( 1, output2_buffer_size ); TEST_ASSERT( output2 != NULL ); TEST_ASSERT( psa_encrypt_set_iv( &operation2, iv, iv_length ) == PSA_SUCCESS ); TEST_ASSERT( psa_cipher_update( &operation2, output1, first_part_size, output2, output2_buffer_size, &function_output_length ) == PSA_SUCCESS ); output2_length += function_output_length; TEST_ASSERT( psa_cipher_update( &operation2, output1 + first_part_size, output1_length - first_part_size, output2, output2_buffer_size, &function_output_length ) == PSA_SUCCESS ); output2_length += function_output_length; TEST_ASSERT( psa_cipher_finish( &operation2, output2 + output2_length, output2_buffer_size - output2_length, &function_output_length ) == PSA_SUCCESS ); output2_length += function_output_length; TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS ); TEST_ASSERT( input->len == output2_length ); TEST_ASSERT( memcmp( input->x, output2, input->len ) == 0 ); exit: mbedtls_free( output1 ); mbedtls_free( output2 ); psa_destroy_key( key_slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void aead_encrypt_decrypt( int key_type_arg, data_t * key_data, int alg_arg, data_t * input_data, data_t * nonce, data_t * additional_data, int expected_result_arg ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; size_t output_size = 0; size_t output_length = 0; unsigned char *output_data2 = NULL; size_t output_length2 = 0; size_t tag_length = 16; psa_status_t expected_result = expected_result_arg; psa_key_policy_t policy; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( input_data != NULL ); TEST_ASSERT( nonce != NULL ); TEST_ASSERT( additional_data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) ); output_size = input_data->len + tag_length; output_data = mbedtls_calloc( 1, output_size ); TEST_ASSERT( output_data != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_aead_encrypt( slot, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, input_data->x, input_data->len, output_data, output_size, &output_length ) == expected_result ); if( PSA_SUCCESS == expected_result ) { output_data2 = mbedtls_calloc( 1, output_length ); TEST_ASSERT( output_data2 != NULL ); TEST_ASSERT( psa_aead_decrypt( slot, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, output_data, output_length, output_data2, output_length, &output_length2 ) == expected_result ); TEST_ASSERT( memcmp( input_data->x, output_data2, input_data->len ) == 0 ); } exit: psa_destroy_key( slot ); mbedtls_free( output_data ); mbedtls_free( output_data2 ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void aead_encrypt( int key_type_arg, data_t * key_data, int alg_arg, data_t * input_data, data_t * additional_data, data_t * nonce, data_t * expected_result ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; size_t output_size = 0; size_t output_length = 0; size_t tag_length = 16; psa_key_policy_t policy; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( input_data != NULL ); TEST_ASSERT( additional_data != NULL ); TEST_ASSERT( nonce != NULL ); TEST_ASSERT( expected_result != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_result->len ) ); output_size = input_data->len + tag_length; output_data = mbedtls_calloc( 1, output_size ); TEST_ASSERT( output_data != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_aead_encrypt( slot, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, input_data->x, input_data->len, output_data, output_size, &output_length ) == PSA_SUCCESS ); TEST_ASSERT( memcmp( output_data, expected_result->x, output_length ) == 0 ); exit: psa_destroy_key( slot ); mbedtls_free( output_data ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void aead_decrypt( int key_type_arg, data_t * key_data, int alg_arg, data_t * input_data, data_t * additional_data, data_t * nonce, data_t * expected_data, int expected_result_arg ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; size_t output_size = 0; size_t output_length = 0; size_t tag_length = 16; psa_key_policy_t policy; psa_status_t expected_result = expected_result_arg; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( input_data != NULL ); TEST_ASSERT( additional_data != NULL ); TEST_ASSERT( nonce != NULL ); TEST_ASSERT( expected_data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) ); output_size = input_data->len + tag_length; output_data = mbedtls_calloc( 1, output_size ); TEST_ASSERT( output_data != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_aead_decrypt( slot, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, input_data->x, input_data->len, output_data, output_size, &output_length ) == expected_result ); if( expected_result == PSA_SUCCESS ) { TEST_ASSERT( memcmp( output_data, expected_data->x, output_length ) == 0 ); } exit: psa_destroy_key( slot ); mbedtls_free( output_data ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void signature_size( int type_arg, int bits, int alg_arg, int expected_size_arg ) { psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg ); TEST_ASSERT( actual_size == (size_t) expected_size_arg ); exit: ; } /* END_CASE */ /* BEGIN_CASE */ void sign_deterministic( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, data_t *output_data ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; unsigned char *signature = NULL; size_t signature_size; size_t signature_length = 0xdeadbeef; psa_key_policy_t policy; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( input_data != NULL ); TEST_ASSERT( output_data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( output_data->len ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_get_key_information( slot, NULL, &key_bits ) == PSA_SUCCESS ); signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); TEST_ASSERT( signature_size != 0 ); signature = mbedtls_calloc( 1, signature_size ); TEST_ASSERT( signature != NULL ); TEST_ASSERT( psa_asymmetric_sign( slot, alg, input_data->x, input_data->len, NULL, 0, signature, signature_size, &signature_length ) == PSA_SUCCESS ); TEST_ASSERT( signature_length == output_data->len ); TEST_ASSERT( memcmp( signature, output_data->x, output_data->len ) == 0 ); exit: psa_destroy_key( slot ); mbedtls_free( signature ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void sign_fail( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, int signature_size, int expected_status_arg ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t actual_status; psa_status_t expected_status = expected_status_arg; unsigned char *signature = NULL; size_t signature_length = 0xdeadbeef; psa_key_policy_t policy; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( input_data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); signature = mbedtls_calloc( 1, signature_size ); TEST_ASSERT( signature != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); actual_status = psa_asymmetric_sign( slot, alg, input_data->x, input_data->len, NULL, 0, signature, signature_size, &signature_length ); TEST_ASSERT( actual_status == expected_status ); TEST_ASSERT( signature_length == 0 ); exit: psa_destroy_key( slot ); mbedtls_free( signature ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void asymmetric_verify( int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, data_t *signature_data ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_key_policy_t policy; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( hash_data != NULL ); TEST_ASSERT( signature_data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_asymmetric_verify( slot, alg, hash_data->x, hash_data->len, NULL, 0, signature_data->x, signature_data->len ) == PSA_SUCCESS ); exit: psa_destroy_key( slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, data_t *signature_data, int expected_status_arg ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t actual_status; psa_status_t expected_status = expected_status_arg; psa_key_policy_t policy; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( hash_data != NULL ); TEST_ASSERT( signature_data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); actual_status = psa_asymmetric_verify( slot, alg, hash_data->x, hash_data->len, NULL, 0, signature_data->x, signature_data->len ); TEST_ASSERT( actual_status == expected_status ); exit: psa_destroy_key( slot ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void asymmetric_encrypt_decrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; size_t output_size = 0; size_t output_length = 0; unsigned char *output2 = NULL; size_t output2_size = 0; size_t output2_length = 0; psa_key_policy_t policy; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( input_data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); output_size = key_data->len; output2_size = output_size; output = mbedtls_calloc( 1, output_size ); TEST_ASSERT( output != NULL ); output2 = mbedtls_calloc( 1, output2_size ); TEST_ASSERT( output2 != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); /* We test encryption by checking that encrypt-then-decrypt gives back * the original plaintext because of the non-optional random * part of encryption process which prevents using fixed vectors. */ TEST_ASSERT( psa_asymmetric_encrypt( slot, alg, input_data->x, input_data->len, NULL, 0, output, output_size, &output_length ) == PSA_SUCCESS ); TEST_ASSERT( psa_asymmetric_decrypt( slot, alg, output, output_length, NULL, 0, output2, output2_size, &output2_length ) == PSA_SUCCESS ); TEST_ASSERT( memcmp( input_data->x, output2, input_data->len ) == 0 ); exit: psa_destroy_key( slot ); mbedtls_free( output ); mbedtls_free( output2 ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void asymmetric_encrypt_fail( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, int expected_status_arg ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; size_t output_size = 0; size_t output_length = 0; psa_status_t actual_status; psa_status_t expected_status = expected_status_arg; psa_key_policy_t policy; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( input_data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); output_size = key_data->len; output = mbedtls_calloc( 1, output_size ); TEST_ASSERT( output != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); actual_status = psa_asymmetric_encrypt( slot, alg, input_data->x, input_data->len, NULL, 0, output, output_size, &output_length ); TEST_ASSERT( actual_status == expected_status ); exit: psa_destroy_key( slot ); mbedtls_free( output ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void asymmetric_decrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, data_t *expected_data, int expected_size ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; size_t output_size = 0; size_t output_length = 0; psa_key_policy_t policy; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( input_data != NULL ); TEST_ASSERT( expected_data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) ); output_size = key_data->len; output = mbedtls_calloc( 1, output_size ); TEST_ASSERT( output != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); TEST_ASSERT( psa_asymmetric_decrypt( slot, alg, input_data->x, input_data->len, NULL, 0, output, output_size, &output_length ) == PSA_SUCCESS ); TEST_ASSERT( (size_t) expected_size == output_length ); TEST_ASSERT( memcmp( expected_data->x, output, output_length ) == 0 ); exit: psa_destroy_key( slot ); mbedtls_free( output ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void asymmetric_decrypt_fail( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, int expected_status_arg ) { int slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; size_t output_size = 0; size_t output_length = 0; psa_status_t actual_status; psa_status_t expected_status = expected_status_arg; psa_key_policy_t policy; TEST_ASSERT( key_data != NULL ); TEST_ASSERT( input_data != NULL ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) ); output_size = key_data->len; output = mbedtls_calloc( 1, output_size ); TEST_ASSERT( output != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, key_data->x, key_data->len ) == PSA_SUCCESS ); actual_status = psa_asymmetric_decrypt( slot, alg, input_data->x, input_data->len, NULL, 0, output, output_size, &output_length ); TEST_ASSERT( actual_status == expected_status ); exit: psa_destroy_key( slot ); mbedtls_free( output ); mbedtls_psa_crypto_free( ); } /* END_CASE */ /* BEGIN_CASE */ void generate_random( int bytes, int retries ) { const unsigned char trail[] = "foobar"; unsigned char *buffer1 = mbedtls_calloc( 1, bytes + sizeof( trail ) ); unsigned char *buffer2 = mbedtls_calloc( 1, bytes ); TEST_ASSERT( buffer1 != NULL ); TEST_ASSERT( buffer2 != NULL ); memcpy( buffer1 + bytes, trail, sizeof( trail ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); TEST_ASSERT( psa_generate_random( buffer1, bytes ) == PSA_SUCCESS ); /* Check that no more than bytes have been overwritten */ TEST_ASSERT( memcmp( buffer1 + bytes, trail, sizeof( trail ) ) == 0 ); if( bytes == 0 ) goto exit; /* We can't validate that the data is really random, but we can * validate that it doesn't repeat between calls. There's a * 1/256^bytes chance that it does repeat, of course, so allow * a few retries. */ ++retries; /* The first time isn't a REtry */ do { --retries; TEST_ASSERT( psa_generate_random( buffer2, bytes ) == PSA_SUCCESS ); } while( memcmp( buffer1, buffer2, bytes ) == 0 && retries >= -1 ); TEST_ASSERT( retries >= 0 ); exit: mbedtls_psa_crypto_free( ); mbedtls_free( buffer1 ); mbedtls_free( buffer2 ); } /* END_CASE */